Abstract:The physical security of nuclear power plants and their vulnerability to deliberate acts of
terrorism was elevated to a national security concern following the attacks of September 11,
2001. Since the attacks, Congress has repeatedly focused oversight and legislative attention on
nuclear power plant security requirements established and enforced by the Nuclear Regulatory
Commission (NRC).

The Energy Policy Act of 2005 (EPACT05, P.L. 109-58) imposed specific criteria for NRC to
consider in revising the “Design Basis Threat” (DBT), which specifies the maximum severity of
potential attacks that a nuclear plant’s security force must be capable of repelling. In response to
the legislative mandate, NRC revised the DBT (10 C.F.R. Part 73.1) on April 18, 2007. Among
other changes, the revisions expanded the assumed capabilities of adversaries to operate as one or
more teams and attack from multiple entry points.

To strengthen nuclear plant security inspections, EPACT05 required NRC to conduct “force-onforce”
security exercises at nuclear power plants at least once every three years. In these
exercises, a mock adversary force from outside a nuclear plant attempts to penetrate the plant’s
vital area and simulate damage to a “target set” of key safety components. From the start of the
program through 2009, 112 force-on-force inspections were conducted, with each inspection
typically including three mock attacks by the adversary force. During the 112 inspections, eight
mock attacks resulted in the simulated destruction of complete target sets, indicating inadequate
protection against the DBT, and additional security measures were promptly implemented,
according to NRC.

EPACT05 also included provisions for fingerprinting and criminal background checks of security
personnel, their use of firearms, and the unauthorized introduction of dangerous weapons. The
designation of facilities subject to enforcement of penalties for sabotage was expanded to include
waste treatment and disposal facilities.

Nuclear power plant vulnerability to deliberate aircraft crashes has been a continuing issue. After
much consideration, NRC published final rules on June 12, 2009, to require all new nuclear
power plants to incorporate design features that would ensure that, in the event of a crash by a
large commercial aircraft, the reactor core would remain cooled or the reactor containment would
remain intact, and radioactive releases would not occur from spent fuel storage pools.

NRC rejected proposals that existing reactors also be required to protect against aircraft crashes,
such as by adding large external steel barriers, deciding that other mitigation measures already
required by NRC for all reactors were sufficient. In 2002, NRC ordered all nuclear power plants
to develop strategies to mitigate the effects of large fires and explosions that could result from
aircraft crashes or other causes. NRC published a broad final rule on nuclear reactor security
March 27, 2009, including fire mitigation strategies and requirements that reactors establish
procedures for responding to specific aircraft threats.

Other ongoing nuclear plant security issues include the vulnerability of spent fuel pools, which
hold highly radioactive nuclear fuel after its removal from the reactor, standards for nuclear plant
security personnel, and nuclear plant emergency planning. NRC’s March 2009 security
regulations addressed some of those concerns and included a number of other security
enhancements.